package com.oasystem.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.oasystem.domain.Operator;

public class SecurityFilter implements Filter{

	public void destroy() {
		
	}

	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request =(HttpServletRequest) req;
		Operator operator =(Operator) request.getSession().getAttribute("OPERATOR");
		res.setCharacterEncoding("UTF-8");
		String message = null;
		if(operator==null){
			message="请先登录";
		}else{
			//uri like /oasystem/MainMenu/configuration/operatorPage.htm
			String uri = request.getRequestURI();
			if(uri.contains("MainMenu/configuration") && !operator.isAllowConfigSystem()){
				message="你没有权限访问 配置系统";
			}
			if(uri.contains("MainMenu/profit") && !operator.isAllowProfitSystem()){
				message="你没有权限访问返利系统";
			}
			if(uri.contains("MainMenu/members") && !operator.isAllowMemberSystem()){
				message="你没有权限访问 会员管理系统";
			}
		}
		if(message==null){
			chain.doFilter(req, res);
		}else{
			req.setAttribute("message",message );
			req.getRequestDispatcher("/loginPage.htm").forward(req, res);
		}
	}

	public void init(FilterConfig arg0) throws ServletException {
		
	}

}
